Cryptographic key management
Dahl A. Gerberick 

May 1990 ACM SIGSAC Review, volume 8 issue 2 
Publisher: ACM Press 

Full text available: pdf(962.96 KB) Additional Information: full citation, abstract, index terms

There are two main issues concerning data security on networks; controlling access and 
the vulnerability of data communication links. A brief introduction to the various 
techniques which may be applied to these concerns are given in this paper. 



2 Architecture for Protecting Critical Secrets in Microprocessors
Ruby B. Lee, Peter C. S. Kwan, John P. McGregor, Jeffrey Dwoskin, Zhenghong Wang
May 2005 ACM SIGARCH Computer Architecture News, Proceedings of the 32nd annual international symposium on Computer Architecture ISCA '05, volume 33 issue 2
Publisher: IEEE Computer Society, ACM Press

Full text available: pdf(143.62 KB) Additional Information: full citation, abstract, cited by, index terms

We propose "secret-protected (SP)" architecture to enable secure and convenient 
protection of critical secrets for a given user in an on-line environment. Keys are 
examples of critical secrets, and key protection and management is a fundamental 
problem, often assumed but not solved, underlying the use of cryptographic protection
of sensitive files, messages, data and programs. SP-processors contain a minimalist set of 
architectural features that can be built into a general-purpose microprocess ... 



3 Protecting applications with transient authentication
Mark D. Corner, Brian D. Noble
May 2003 Proceedings of the 1st international conference on Mobile systems, applications and services MobiSys '03
Publisher: ACM Press

Full text available: pdf(294.40 KB) Additional Information: full citation, abstract, references, cited by

How does a machine know who is using it? Current systems authenticate their users 
infrequently, and assume the user's identity does not change. Such persistent 
authentication is inappropriate for mobile and ubiquitous systems, where associations 
between people and devices are fluid and unpredictable. We solve this problem with 
Transient Authentication, in which a small hardware token continuously authenticates the 
user's presence over a short-range, wireless link. We present the fo ... 
Security: Automatic discovery of API-level exploits
Vinod Ganapathy, Sanjit A. Seshia, Somesh Jha, Thomas W. Reps, Randal E. Bryant
May 2005 Proceedings of the 27th international conference on Software engineering ICSE '05
Publisher: ACM Press, IEEE Computer Society

Full text available: pdf(510.01 KB), Publisher Site Additional Information: full citation, abstract, references, index terms

We argue that finding vulnerabilities in software components is different from finding 
exploits against them. Exploits that compromise security often use several low-level 
details of the component, such as layouts of stack frames. Existing software analysis 
tools, while effective at identifying vulnerabilities, fail to model low-level details, and are 
hence unsuitable for exploit-finding. We study the issues involved in exploit-finding by 
considering application programming interface (API) level ... 

Keywords: API-level exploit, bounded model checking 

Wireless network security I: Common data security network (CDSN)
Aftab Ahmad, Mona El-Kadi Rizvi, Stephan Olariu 

October 2005 Proceedings of the 1st ACM international workshop on Quality of 
service & security in wireless and mobile networks Q2SWinet '05 

Publisher: ACM Press 

Full text available: pdf(287.12 KB) Additional Information: full citation, abstract, references, index terms

We present the idea of using a separate network that processes and enforces security in a 
data network. We briefly discuss various components of such a network, called common 
data security network (CDSN). We use the example of the IEEE 802.11i to determine one
of the link level metrics of the proposed network, the fractional overhead for IEEE 802.1X
and temporal key integrity protocol (TKIP). 

Keywords: IEEE 802.11i, TKIP, common data security, security architecture, security
plane, wireless LANs 

Formal analysis of crypto protocols: A modular correctness proof of IEEE 802.11i and TLS
Changhua He, Mukund Sundararajan, Anupam Datta, Ante Derek, John C. Mitchell
November 2005 Proceedings of the 12th ACM conference on Computer and communications security CCS '05
Publisher: ACM Press

Full text available: pdf(257.74 KB) Additional Information: full citation, abstract, references, index terms

The IEEE 802.11i wireless networking protocol provides mutual authentication between a
network access point and user devices prior to user connectivity. The protocol consists of
several parts, including an 802.1X authentication phase using TLS over EAP, the 4-Way
Handshake to establish a fresh session key, and an optional Group Key Handshake for
group communications. Motivated by previous vulnerabilities in related wireless protocols
and changes in 802.11i to provide better security, we carry ou ...

Keywords: IEEE 802.11i, TLS, protocol composition logic

Mohamed Kassab, Abdelfettah Belghith, Jean-Marie Bonnin, Sahbi Sassi
October 2005 Proceedings of the 1st ACM workshop on Wireless multimedia networking and performance modeling WMuNeP '05
Publisher: ACM Press

Full text available: pdf(398.42 KB) Additional Information: full citation, abstract, references, index terms

Recently, user mobility in wireless data networks is increasing because of the popularity of 
portable devices and the desire for voice and multimedia applications. These applications, 
however, require fast handoffs among base stations to maintain the quality of the 
connections. Re-authentication during handoff procedures causes a long handoff latency 
which affects the flow and service quality especially for multimedia applications. Therefore 
minimizing re-authentication latency is crucial in ord ... 

Keywords: IAPP, IEEE 802.11i, WiFi, handover, pre-authentication, re-authentication



8 Security analysis: Analysis of the 802.11i 4-way handshake
Changhua He, John C. Mitchell
October 2004 Proceedings of the 3rd ACM workshop on Wireless security WiSe '04
Publisher: ACM Press

Full text available: pdf(328.36 KB) Additional Information: full citation, abstract, references, cited by, index terms

802.11i is an IEEE standard designed to provide enhanced MAC security in wireless
networks. The authentication process involves three entities: the supplicant (wireless
device), the authenticator (access point), and the authentication server (e.g., a backend
RADIUS server). A 4-Way Handshake must be executed between the supplicant and the
authenticator to derive a fresh pairwise key and/or group key for subsequent data
transmissions. We analyze the 4-Way Handshake protocol using a finite-state ve ...

Keywords: 4-way handshake, 802.11i, WLAN, authentication, denial-of-service, key
management 

9 A survey of key management for secure group communication
Sandro Rafaeli, David Hutchison
September 2003 ACM Computing Surveys (CSUR), volume 35 issue 3
Publisher: ACM Press

Full text available: pdf(346.27 KB) Additional Information: full citation, abstract, references, citings, index terms

Group communication can benefit from IP multicast to achieve scalable exchange of 
messages. However, there is a challenge of effectively controlling access to the 
transmitted data. IP multicast by itself does not provide any mechanisms for preventing 
nongroup members to have access to the group communication. Although encryption can 
be used to protect messages exchanged among group members, distributing the 
cryptographic keys becomes an issue. Researchers have proposed several different 
approach ... 

Keywords: Group Key Distribution, Multicast Security 

10 Lightweight key management for IEEE 802.11 wireless LANs with key refresh and host revocation
Avishai Wool
November 2005 Wireless Networks, volume 11 issue 6
Publisher: Kluwer Academic Publishers

Full text available: pdf(466.01 KB) Additional Information: full citation, abstract, references, index terms

The IEEE 802.11 Wireless LAN standard has been designed with very limited key 
management capabilities, using up to 4 static, long term, keys, shared by all the stations
on the LAN. This design makes it quite difficult to fully revoke access from
previously-authorized hosts. A host is fully revoked when it can no longer eavesdrop and decrypt
traffic generated by other hosts on the wireless LAN. This paper proposes WEP*, a 
lightweight solution to the host-revocation problem. The key mana ... 

Keywords: authentication, security 